Everhart, Glenn

From: Bob Marcan [Bob.Marcan@aster.si]
Sent: Wednesday, January 27, 1999 5:19 AM
To: Info-VAX@Mvb.Saic.Com
Subject: Re: Why VMS?

sys$help:cc060.release_notes:

  o  New command line qualifier, /CHECK=BOUNDS.

     This qualifier causes the compiler to generate code to check the
     bounds of array-indexing expressions at runtime, and raise an
     exception (%SYSTEM-F-SUBRNG, arithmetic trap, subscript out of
     range) if the index is out of bounds.

     Note that the C language defines the subscript expression a[i] to
     be equivalent to *(a+i), relying on the implicit conversion of an
     array name to a pointer to the first element of an array, and on
     the fact that adding an integer to a pointer involves "scaling"
     the index by the size of the pointed-to object. So array syntax
     can be used either with pointers or with the names of arrays.
     Array bounds are only checked when an element is accessed using a
     declared array name (using either array notation or pointer +/-
     integer notation). In particular, the check is made at the point
     that the compiler processes an add or subtract of an array name
     and an integer - the result of that operation is a pointer, and so
     subsequent operations are not included in the checking code.

     Also note that the C language considers computation of the address
     one past the end of an array to be fully portable. Therefore,
     expressions that appear to compute an address allow an extra
     element at the end. It is only when an array name is used directly
     with array subscript notation that the exact upper bound is
     checked.

     E.g.

         {
         int a[5];                // elements are 0..4, but you
                                  // can take the address of a[5]
         int *pa, i=6, j=-6;

         pa = a + i;              // trap, &a[6]
         pa = a + i + j;          // trap, &a[6] - 6
         pa = a + (i + j);        // no trap, &a[0]
         pa = a + (i - 1);        // no trap, &a[5]
         j  = a[i - 1];           // trap, a[5]
         j  = *(a + (i - 1));     // no trap, looks like &a[5]
         }
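The two different limits the release note describes (an address computation on an array name may reach one past the end, a direct subscript may not) can be reproduced portably as a pair of check functions for compilers that have no /CHECK=BOUNDS. The following is an added example, not code from the release notes or from the mailing-list post; the names check_addr, check_elem and replay_release_note_cases are my own, and the six cases replay the expressions in the note exactly, including the rule that a + i + j is checked at the point where the array name is first added to an integer, before j is applied.

```c
#include <stddef.h>
#include <stdio.h>

/* Outcome of a simulated /CHECK=BOUNDS check (hypothetical helper). */
enum bounds_result { BOUNDS_OK = 0, BOUNDS_TRAP = 1 };

/* Address arithmetic on a declared array name (a + i, a - i):
 * indices 0..n inclusive are legal, because the address one past the
 * end is portable C. Anything else would raise %SYSTEM-F-SUBRNG. */
static enum bounds_result check_addr(size_t n, long i)
{
    if (i < 0 || (unsigned long)i > n)
        return BOUNDS_TRAP;
    return BOUNDS_OK;
}

/* Direct subscript on a declared array name (a[i]):
 * the element is accessed, so the exact upper bound n-1 applies. */
static enum bounds_result check_elem(size_t n, long i)
{
    if (i < 0 || (unsigned long)i >= n)
        return BOUNDS_TRAP;
    return BOUNDS_OK;
}

/* Replay the six expressions from the release note for int a[5],
 * i = 6, j = -6, and return how many of them trap (expected: 3).
 * Each entry records the index the compiler actually checks, i.e. the
 * integer added to the array name at the point of the add/subtract. */
static int replay_release_note_cases(void)
{
    const size_t n = 5;
    const long i = 6, j = -6;
    int traps = 0;

    /* pa = a + i;          -> checks index 6 as an address */
    traps += check_addr(n, i) == BOUNDS_TRAP;
    /* pa = a + i + j;      -> (a + i) is checked first, j is added later */
    traps += check_addr(n, i) == BOUNDS_TRAP;
    /* pa = a + (i + j);    -> checks index 0 as an address */
    traps += check_addr(n, i + j) == BOUNDS_TRAP;
    /* pa = a + (i - 1);    -> checks index 5 as an address, one past end */
    traps += check_addr(n, i - 1) == BOUNDS_TRAP;
    /* j = a[i - 1];        -> direct subscript 5, exact bound applies */
    traps += check_elem(n, i - 1) == BOUNDS_TRAP;
    /* j = *(a + (i - 1));  -> address form, so index 5 is allowed */
    traps += check_addr(n, i - 1) == BOUNDS_TRAP;

    return traps;
}

int main(void)
{
    printf("cases that would trap under /CHECK=BOUNDS: %d of 6\n",
           replay_release_note_cases());
    return 0;
}
```

The last two cases are the ones worth remembering: a[5] and *(a + 5) are the same access in the C abstract machine, but only the subscript form is caught by the qualifier, so code that dereferences a one-past-the-end pointer through pointer syntax is not covered by this check.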